From 6c8e1cc719bb44dec1d20f95efda1c0e0f23116d Mon Sep 17 00:00:00 2001
From: Max Kratz
Date: Sun, 21 Apr 2024 11:04:29 +0200
Subject: [PATCH] Blocks some IPs
---
 inventory/group_vars/all.yml | 8 ++++++++
 roles/firewall-block/tasks/main.yml | 20 ++++++++++++++++++++
 2 files changed, 28 insertions(+)
diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index de798b7..0f8135e 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -40,3 +40,11 @@ forgejo_release: "1.21.11-1"
 swap_size: "2048"
 swap_file: "/swapfile"
+
+#
+# Blocked IPs
+#
+
+blocked_ips:
+ - 47.76.99.127
+ - 47.76.209.138
diff --git a/roles/firewall-block/tasks/main.yml b/roles/firewall-block/tasks/main.yml
index fe9ad2c..f6d3204 100644
--- a/roles/firewall-block/tasks/main.yml
+++ b/roles/firewall-block/tasks/main.yml
@@ -82,3 +82,23 @@
 proto: tcp
 insert: 5
 route: true
+
+#
+# Block IPs from list
+#
+
+- name: Block IP (normal)
+ community.general.ufw:
+ rule: deny
+ insert: 1
+ route: true
+ src: '{{ item }}'
+ loop: "{{ blocked_ips }}"
+
+- name: Block IP (fwd)
+ community.general.ufw:
+ rule: deny
+ insert: 1
+ route: false
+ src: '{{ item }}'
+ loop: "{{ blocked_ips }}"
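Review bot: The two `blocked_ips` entries added to inventory/group_vars/all.yml carry no record of why or when they were blocked, so a later maintainer cannot tell whether an entry is still needed or safe to remove. A short comment above each address, such as `# <reason>, added <date>`, would cover that. The addresses are also plain scalars while the neighbouring `swap_size` and `swap_file` values are quoted; writing them as `- "47.76.99.127"` keeps the file consistent and avoids surprises if a differently shaped entry, for example an IPv6 address, is added later.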
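Review bot: In the hunk appended to roles/firewall-block/tasks/main.yml the task names and `route` values look swapped: `Block IP (normal)` sets `route: true`, which in community.general.ufw applies the rule to routed/forwarded packets, while `Block IP (fwd)` sets `route: false`. Both rules are still created for every address, so the firewall ends up the same, but the labels will mislead anyone reading a play log or debugging one of the two rule sets; using `route: false` under `(normal)` and `route: true` under `(fwd)` fixes that. Separately, nothing visible here removes a rule once an address is dropped from `blocked_ips`, so stale deny rules would stay in place unless the role handles that elsewhere. A companion list consumed by a task with `delete: true` would cover removal.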